Dealing with computer security incidents is extremely difficult. There are many ways that incidents can occur and many types of impact they can have on an organization. There are no complete solutions, and the partial solutions that exist are expensive and resource intensive. However, the alternative--not dealing with security incidents--is yet more expensive, and using weak methods for dealing with incidents may only compound the damage that incidents cause. What is required is a long-term commitment to develop the capability to deal with security incidents, not just make short-term fixes of selected problems.

A security incident is the act of violating an explicit or implied security policy at a single site or across multiple organizations. An external security incident is one caused by an individual or group not part of the organizations that are violated. This paper discusses some of the effort required to deal with external security incidents on an organization's hosts (computers) and network. We look at both responsive actions to incidents and proactive actions to mitigate the risk of such incidents. Because of inherent weaknesses in many of the current network protocols and vulnerabilities in widely used software, external security incidents are inevitable to any organization with a connection to a wide-area public network, even a narrow and limited connection.

Spotlight

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.